Hi,

intrigeri:
> I might try to come up with a hackish PoC for Tails soon

Here we go! Installing the four following files (slightly adapted to drop a couple Tails-specific bits) on a Stretch system seems to do the job. I hope it can allow interested people to validate this approach, and then if there's enough demand I bet someone will integrate it into initramfs-tools properly :)

If additional cleanup must be done from inside the initramfs after returning to it, drop snippets in /usr/share/initramfs-tools/hooks/* that install the required scripts into /lib/systemd/system-shutdown/ *in the initramfs*. E.g. for Tails I had to do quite a bit more work there to ensure the aufs stack our root filesystem uses is disassembled properly (again in order to have the aufs read-write branch, on tmpfs, cleaned up and its content erased by Linux' memory poisoning); I'll contribute this code to live-boot if/when this feature is properly integrated into initramfs-tools.

I don't know if I'll work more on this wrt. initramfs-tools. It'll depend a lot on the timing of Tails moving to dracut, which is entirely unclear at this time. Sorry!

/lib/systemd/system/initramfs-shutdown.service
----------------------------------------------

[Unit]
Description=Restore /run/initramfs on shutdown
Documentation=https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
After=local-fs.target boot.mount boot.automount
Wants=local-fs.target
Conflicts=shutdown.target umount.target
DefaultDependencies=no
ConditionPathExists=!/run/initramfs/bin/sh

[Service]
RemainAfterExit=yes
Type=oneshot
ExecStart=/bin/true
ExecStop=/usr/share/initramfs-tools/initramfs-restore

[Install]
WantedBy=multi-user.target

/usr/share/initramfs-tools/initramfs-restore
--------------------------------------------

#!/bin/sh

set -e
set -u

WORKDIR=$(mktemp -d)

/usr/bin/unmkinitramfs /initrd.img "$WORKDIR"
mv "$WORKDIR"/main/* /run/initramfs/
rm -rf "$WORKDIR"

/lib/systemd/system-shutdown/initramfs-tools
--------------------------------------------

#!/bin/sh

# Otherwise systemd-shutdown cannot execute /run/initramfs/shutdown
mount -o remount,exec /run

/usr/share/initramfs-tools/hooks/shutdown
-----------------------------------------

#!/bin/sh

set -e

PREREQ=""

prereqs () {
	echo "${PREREQ}"
}

case "${1}" in
	prereqs)
		prereqs
		exit 0
		;;
esac

. /usr/share/initramfs-tools/hook-functions

# systemd-shutdown itself
mkdir -p $DESTDIR/lib/systemd
copy_exec /lib/systemd/systemd-shutdown /shutdown

# Ensure systemd detects when we're in the initramfs on shutdown
# (see the in_initrd function in the systemd source tree)
touch $DESTDIR/etc/initrd-release

exit 0

Cheers,
--
intrigeri
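
A preflight check for the approach in the message above, as an added example that is not part of intrigeri's PoC: it inspects a restored tree (normally /run/initramfs) for the three paths the posted files rely on, and reports whether /run is mounted noexec. The function names and the optional mounts-file argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# MOUNTS_FILE argument are hypothetical; the paths checked are the ones
# the four posted files refer to.

# run_is_noexec MOUNTS_FILE
# Succeeds if the last /run entry in a /proc/mounts-format file has "noexec".
run_is_noexec() {
    awk '$2 == "/run" { opts = $4 }
         END { exit !(("," opts ",") ~ /,noexec,/) }' "$1"
}

# check_restored_initramfs DIR [MOUNTS_FILE]
# Prints one line per finding; returns 0 only if no required path is missing.
check_restored_initramfs() {
    dir=$1
    mounts=${2:-/proc/mounts}
    rc=0

    # The hook installs systemd-shutdown as /shutdown in the initramfs, and
    # the message says systemd-shutdown must execute /run/initramfs/shutdown.
    # When DIR sits on a noexec mount this test fails too, which is accurate.
    [ -x "$dir/shutdown" ] || { echo "missing or not executable: $dir/shutdown"; rc=1; }

    # Marker the hook creates so systemd detects it is inside an initramfs.
    [ -e "$dir/etc/initrd-release" ] || { echo "missing: $dir/etc/initrd-release"; rc=1; }

    # Path the unit's ConditionPathExists= uses to tell whether the
    # initramfs has already been restored.
    [ -e "$dir/bin/sh" ] || [ -L "$dir/bin/sh" ] || { echo "missing: $dir/bin/sh"; rc=1; }

    # Informational only: the system-shutdown snippet remounts /run with
    # exec at shutdown time, so noexec here is expected before that point.
    if run_is_noexec "$mounts"; then
        echo "note: /run is noexec; the remount,exec snippet is required"
    fi
    return $rc
}
```

On a system where the unit has been stopped by hand, `check_restored_initramfs /run/initramfs` reports what is still missing before a real shutdown is attempted.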